feat(ci): rustls + buildenv ALL_FEATURES + inline release upload + target-triple naming #23

Merged

mik-tf merged 3 commits from development_mik_biz_from_ci into development 2026-05-04 19:30:23 +00:00

Conversation 0 Commits 3 Files changed 33 +3219 -1174

mik-tf commented 2026-05-04 18:10:46 +00:00

Owner

Copy link

Summary

Four coordinated changes to enable hero_biz --from-ci install path. Bundled into one PR per "we need clean work" + runner-cycle frugality (validated with full local workspace gate before push).

Changes

1. Switch reqwest to rustls (musl prerequisite)

crates/hero_biz_ui/Cargo.toml lines 54 + 70 — both [dependencies] and [dev-dependencies] reqwest entries:

-reqwest = { version = "0.12", features = ["json", "multipart"] }
+reqwest = { version = "0.12", default-features = false, features = ["json", "multipart", "rustls-tls"] }

Same fix as hero_slides#45. cargo update -p reqwest removes openssl-sys, openssl, native-tls, tokio-native-tls, hyper-tls from Cargo.lock.

2. Fix stale ALL_FEATURES in buildenv.sh

The workspace refactor (ccf98c3) moved hero_osis_sdk feature gating from top-level workspace features to per-crate dep declarations, but buildenv.sh wasn't updated and still referenced hero_osis-business, hero_osis-projects, hero_osis-identity — features that don't exist anywhere in the current workspace.

CI has been silently broken on this since the refactor — every prior tag (v0.1.0 / 0.1.1 / 0.1.2) failed at:

error: none of the selected packages contains these features:
  hero_osis-business, hero_osis-identity, hero_osis-projects

Match hero_books' buildenv.sh: ALL_FEATURES="default" (universally-valid no-op feature name). Per-crate hero_osis_sdk feature settings (features = ["business", "projects"]) still apply correctly.

3. Replace publish_binaries with inline release-asset upload

.forgejo/workflows/build-linux.yaml — single Publish step (using shared-helper publish_binaries that writes only to pkg registry — the cluster A bug per hero_demo#54 c28672) replaced with the canonical inline pattern from hero_books's working build-linux.yaml:

• Create Release — race-tolerant POST to /api/v1/repos/.../releases
• Upload Release Assets — POST each binary to /releases/<id>/assets
• Upload to Package Registry — keeps the pkg-registry mirror as a secondary publish point

This is what makes assets appear at forge.ourworld.tf/lhumina_code/hero_biz/releases/tag/<tag> (downloadable by service_biz install --from-ci).

4. Asset naming → target triple (per home#212)

Target	Old name	New name
x86_64-unknown-linux-musl	linux-amd64	x86_64-unknown-linux-musl
aarch64-unknown-linux-gnu	linux-arm64	aarch64-unknown-linux-gnu

Honest about libc per repo (musl for amd64, gnu for arm64). Matches the convention slides shipped with in hero_slides v0.1.0-rc2.

+ cargo fmt --all

Small fmt drift cleanup. Clippy drift (~99 warnings) deferred to hero_biz#22 — separate concern, CI doesn't gate on clippy today, bundling it would have made this PR un-reviewable.

Validation (local before push)

✓ cargo fmt --all -- --check
✓ cargo check --workspace
✓ cargo build --workspace --release  (1m14s release)
✓ Cargo.lock: 0 openssl-sys / 0 native-tls
✓ workflow YAML parses

Refs

• hero_demo#54 — --from-ci rollout, Phase 2 cluster A
• hero_biz#13 — Phase 2 audit issue
• hero_biz#22 — clippy hygiene follow-up (separate)
• home#212 — workspace-wide naming standard

Test plan

• All gates pass locally
• Cargo.lock no longer pulls openssl chain
• cargo build --features default works on the workspace
• CI workflow_dispatch run on this branch passes both matrix legs (musl + arm64-gnu)
• After merge: tag v0.1.3-rc2 (succeeding the failed-but-stale v0.1.3-rc1), verify Forgejo Release shows 4 assets (2 binaries × 2 archs) with target-triple naming
• Wire service_biz.nu --from-ci on hero_skills with suffix x86_64-unknown-linux-musl
• Smoke service_biz install --from-ci --version v0.1.3-rc2 on heroci

Signed-off-by: mik-tf

## Summary Four coordinated changes to enable hero_biz `--from-ci` install path. Bundled into one PR per "we need clean work" + runner-cycle frugality (validated with full local workspace gate before push). ## Changes ### 1. Switch reqwest to rustls (musl prerequisite) `crates/hero_biz_ui/Cargo.toml` lines 54 + 70 — both `[dependencies]` and `[dev-dependencies]` reqwest entries: ```diff -reqwest = { version = "0.12", features = ["json", "multipart"] } +reqwest = { version = "0.12", default-features = false, features = ["json", "multipart", "rustls-tls"] } ``` Same fix as [hero_slides#45](https://forge.ourworld.tf/lhumina_code/hero_slides/pulls/45). `cargo update -p reqwest` removes openssl-sys, openssl, native-tls, tokio-native-tls, hyper-tls from `Cargo.lock`. ### 2. Fix stale `ALL_FEATURES` in buildenv.sh The workspace refactor (`ccf98c3`) moved hero_osis_sdk feature gating from top-level workspace features to per-crate dep declarations, but `buildenv.sh` wasn't updated and still referenced `hero_osis-business`, `hero_osis-projects`, `hero_osis-identity` — features that don't exist anywhere in the current workspace. CI has been silently broken on this since the refactor — every prior tag (v0.1.0 / 0.1.1 / 0.1.2) failed at: ``` error: none of the selected packages contains these features: hero_osis-business, hero_osis-identity, hero_osis-projects ``` Match hero_books' buildenv.sh: `ALL_FEATURES="default"` (universally-valid no-op feature name). Per-crate hero_osis_sdk feature settings (`features = ["business", "projects"]`) still apply correctly. ### 3. Replace `publish_binaries` with inline release-asset upload `.forgejo/workflows/build-linux.yaml` — single `Publish` step (using shared-helper `publish_binaries` that writes only to pkg registry — the cluster A bug per [hero_demo#54 c28672](https://forge.ourworld.tf/lhumina_code/hero_demo/issues/54#issuecomment-28672)) replaced with the canonical inline pattern from [hero_books's working build-linux.yaml](https://forge.ourworld.tf/lhumina_code/hero_books/src/branch/development/.forgejo/workflows/build-linux.yaml): - `Create Release` — race-tolerant POST to `/api/v1/repos/.../releases` - `Upload Release Assets` — POST each binary to `/releases/<id>/assets` - `Upload to Package Registry` — keeps the pkg-registry mirror as a secondary publish point This is what makes assets appear at `forge.ourworld.tf/lhumina_code/hero_biz/releases/tag/<tag>` (downloadable by `service_biz install --from-ci`). ### 4. Asset naming → target triple (per [home#212](https://forge.ourworld.tf/lhumina_code/home/issues/212)) | Target | Old name | New name | |---|---|---| | `x86_64-unknown-linux-musl` | `linux-amd64` | `x86_64-unknown-linux-musl` | | `aarch64-unknown-linux-gnu` | `linux-arm64` | `aarch64-unknown-linux-gnu` | Honest about libc per repo (musl for amd64, gnu for arm64). Matches the convention slides shipped with in [hero_slides v0.1.0-rc2](https://forge.ourworld.tf/lhumina_code/hero_slides/releases/tag/v0.1.0-rc2). ### + cargo fmt --all Small fmt drift cleanup. **Clippy drift (~99 warnings) deferred to [hero_biz#22](https://forge.ourworld.tf/lhumina_code/hero_biz/issues/22)** — separate concern, CI doesn't gate on clippy today, bundling it would have made this PR un-reviewable. ## Validation (local before push) ``` ✓ cargo fmt --all -- --check ✓ cargo check --workspace ✓ cargo build --workspace --release (1m14s release) ✓ Cargo.lock: 0 openssl-sys / 0 native-tls ✓ workflow YAML parses ``` ## Refs - [hero_demo#54](https://forge.ourworld.tf/lhumina_code/hero_demo/issues/54) — `--from-ci` rollout, Phase 2 cluster A - [hero_biz#13](https://forge.ourworld.tf/lhumina_code/hero_biz/issues/13) — Phase 2 audit issue - [hero_biz#22](https://forge.ourworld.tf/lhumina_code/hero_biz/issues/22) — clippy hygiene follow-up (separate) - [home#212](https://forge.ourworld.tf/lhumina_code/home/issues/212) — workspace-wide naming standard ## Test plan - [x] All gates pass locally - [x] `Cargo.lock` no longer pulls openssl chain - [x] `cargo build --features default` works on the workspace - [ ] CI workflow_dispatch run on this branch passes both matrix legs (musl + arm64-gnu) - [ ] After merge: tag `v0.1.3-rc2` (succeeding the failed-but-stale v0.1.3-rc1), verify Forgejo Release shows 4 assets (2 binaries × 2 archs) with target-triple naming - [ ] Wire `service_biz.nu --from-ci` on hero_skills with suffix `x86_64-unknown-linux-musl` - [ ] Smoke `service_biz install --from-ci --version v0.1.3-rc2` on heroci Signed-off-by: mik-tf

mik-tf added 1 commit 2026-05-04 18:10:46 +00:00

feat(ci): switch reqwest to rustls + inline release upload + target-triple naming ... 18022e4bbb

Three coordinated changes to enable hero_biz `--from-ci` install path:

1. crates/hero_biz_ui/Cargo.toml — switch reqwest to default-features=false
   + rustls-tls in both [dependencies] and [dev-dependencies]. Same fix as
   hero_slides (lhumina_code/hero_slides#45). cargo update -p reqwest
   removes openssl-sys, openssl, native-tls, tokio-native-tls, hyper-tls
   from Cargo.lock entirely. Required for the existing musl matrix entry
   to actually build (would have hit pkg-config cross-link wall otherwise).

2. .forgejo/workflows/build-linux.yaml — replace single Publish step
   (using shared-helper publish_binaries which writes only to pkg
   registry) with the inline pattern from hero_books's working
   build-linux.yaml: Create Release + Upload Release Assets to
   /api/v1/repos/.../releases/<id>/assets, plus an optional pkg-registry
   mirror. Fixes the cluster A bug documented in
   lhumina_code/hero_demo#54 (comment)

3. Asset naming: matrix `artifact:` updated from `linux-amd64` /
   `linux-arm64` to the full Rust target triple (`x86_64-unknown-linux-musl`
   / `aarch64-unknown-linux-gnu`) per home#212. Honest about libc per repo
   (musl for amd64, gnu for arm64).

cargo fmt --all also applied (small drift). Clippy drift (~99 warnings)
deferred to a separate hygiene issue — CI doesn't gate on clippy today,
so it's not blocking this rollout.

Refs:
- lhumina_code/hero_demo#54
- lhumina_code/home#212
- #13

Signed-off-by: mik-tf

mik-tf added 1 commit 2026-05-04 18:26:21 +00:00

fix(buildenv): set ALL_FEATURES=default (was referencing non-existent features) ... 47f8e7d975

The workspace refactor (ccf98c3) moved hero_osis_sdk feature gating from
top-level workspace features to per-crate dep declarations
(crates/hero_biz_app/Cargo.toml + crates/hero_biz_ui/Cargo.toml each
declare `features = ["business", "projects"]` directly on the
hero_osis_sdk dep). The buildenv.sh was not updated and still references
the old `hero_osis-business`, `hero_osis-projects`, `hero_osis-identity`
features that don't exist anywhere in the current workspace.

CI has been silently broken on this since the refactor — the prior tags
(v0.1.0/0.1.1/0.1.2) all failed at the cargo build step with:

  error: none of the selected packages contains these features:
    hero_osis-business, hero_osis-identity, hero_osis-projects

Match hero_books' buildenv.sh: ALL_FEATURES="default" — universally-valid
no-op feature name (every Cargo crate has an implicit `default` feature).
The actual hero_osis_sdk features needed at runtime are still enabled
correctly via the dep declarations.

Refs: lhumina_code/hero_demo#54

Signed-off-by: mik-tf

mik-tf changed title from feat(ci): switch reqwest to rustls + inline release upload + target-triple naming to feat(ci): rustls + buildenv ALL_FEATURES + inline release upload + target-triple naming 2026-05-04 18:27:08 +00:00

mik-tf added 1 commit 2026-05-04 19:08:33 +00:00

fix(ci): replace jq with python3 in Create Release step ... 571314aeff

The runner image (ghcr.io/despiegk/builder:latest) does not include jq,
which broke run #184 attempt #2 at:

  /var/run/act/workflow/create-release.sh: line 15: jq: command not found
  exitcode '127'

The build itself completed successfully — both reqwest+rustls and
ALL_FEATURES=default fixes worked. Only the release-id parsing failed.

Switch to python3 (universally available in the runner image) using
the same GET-first / POST-fallback pattern as hero_slides' release.yaml.

Refs: lhumina_code/hero_demo#54

Signed-off-by: mik-tf

mik-tf merged commit ac4b16d2f7 into development 2026-05-04 19:30:23 +00:00

mik-tf deleted branch development_mik_biz_from_ci 2026-05-04 19:30:23 +00:00

mik-tf referenced this pull request from a commit 2026-05-04 19:30:24 +00:00

feat(ci): rustls + buildenv ALL_FEATURES + inline release upload + target-triple naming (#23)

mik-tf referenced this pull request from a commit 2026-05-04 19:47:48 +00:00

fix(ci): source buildenv.sh from repo root, not scripts/

mik-tf referenced this pull request from lhumina_code/hero_skills 2026-05-04 20:23:16 +00:00

feat(service_biz): add --from-ci install path (x86_64-unknown-linux-musl, v0.1.3-rc4) #204

casper-stevens referenced this pull request 2026-05-08 08:54:54 +00:00

[ci] Release artifacts not published — --from-ci install path blind to this repo #13

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

prio_critical

  

prio_low

  

type_bug

  

type_contact

  

type_issue

  

type_lead

  

type_question

  

type_story

  

type_task

No labels

prio_critical

prio_low

type_bug

type_contact

type_issue

type_lead

type_question

type_story

type_task

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

lhumina_code/hero_biz!23

No description provided.